Monitor a directory or file for changes on Linux using inotify

Many times you may need to watch or monitor a file or directory for changes. When you look around for how to do this you will see MANY people suggesting that you use lsof and that does work very well. Another solution is the use of incron. This solution works far better for the cases where I have needed to know more of what is going on with a file or directory.

Installing incron is simple. On Debian and Ubuntu a simple

apt-get install incron

will get it done. Once it is installed you can add your users who will be allowed to use incron to the /etc/incron/incron.allow file. Thats it your user should now be able to use incrontab -e. For my examples I will be using root, and all the scripts I make will be for root only.

Next its time to talk a little about incron. It will work sort of the same as a regular crontab except that it is event driven and not time scheduled, so the syntax of the file will be a bit different. It is in the format:

<path> <mask> <command>

Where <path> is an absolute path on the file system that will be monitored. <mask> is an event symbol. For a full list of event symbols see man 5 incrontab. <command> is the command that will run when the event in the mask section happens. For this example I am going to use the IN_ALL_EVENTS mask, and show you a simple shell script you can use to just log some basic info about whats going on in our watched directory.

Lets make our shell script. Using your favorite text editor create the file /usr/local/sbin/incron_logger.sh In that file add the following:

#!/bin/bash
logfile=/var/log/inotify_backup_changes_test.log
path=$1
file=$2
event=$3
datetime=`date --rfc-3339=ns`
echo "${datetime} Change made in path: " ${path} >> ${logfile}
echo "${datetime} Change made to file: " ${file} >> ${logfile}
echo "${datetime} Change made due to event: " ${event} >> ${logfile}
echo "${datetime} End" >> ${logfile}

Save this file and chmod 700 the file. Next still as root type:

incrontab -e

The first thing we add is the path, in my case I want to monitor /tmp/watch_me This is just a directory in /tmp that I have created for the purpose of this demo. Next I will add the IN_ALL_EVENTS mask, and finally the command /usr/local/sbin/incron_logger.sh and then some args to call the script with. My completed incrontab entry looks as follows:

/tmp/watch_me IN_ALL_EVENTS /usr/local/sbin/incron_logger.sh $@ $# $%

The symbols added after the command are for the path,event related file name, and finally the event flag that triggered the command to run. Lets save this entry and go create some files and see what happens.

First I will create a file:
touch /tmp/watch_me/testfile1
Now lets take a look at the log:
cat /var/log/inotify_backup_changes_test.log
You should now see:

2011-02-25 10:05:18.450733000-06:00 Change made in path: /tmp/watch_me
2011-02-25 10:05:18.450733000-06:00 Change made to file: testfile1
2011-02-25 10:05:18.450733000-06:00 Change made due to event: IN_ATTRIB
2011-02-25 10:05:18.450733000-06:00 End
2011-02-25 10:05:18.454378794-06:00 Change made in path: /tmp/watch_me
2011-02-25 10:05:18.454378794-06:00 Change made to file: testfile1
2011-02-25 10:05:18.454378794-06:00 Change made due to event: IN_OPEN
2011-02-25 10:05:18.454378794-06:00 End
2011-02-25 10:05:18.456283635-06:00 Change made in path: /tmp/watch_me
2011-02-25 10:05:18.456283635-06:00 Change made to file: testfile1
2011-02-25 10:05:18.456283635-06:00 Change made due to event: IN_CREATE
2011-02-25 10:05:18.456283635-06:00 End
2011-02-25 10:05:18.457849952-06:00 Change made in path: /tmp/watch_me
2011-02-25 10:05:18.457849952-06:00 Change made to file: testfile1
2011-02-25 10:05:18.457849952-06:00 Change made due to event: IN_CLOSE_WRITE
2011-02-25 10:05:18.457849952-06:00 End

As you can see from this log we know when the file is opened for writing to make it, and then we know as soon as its been closed. This can be handy for many things, Ill let your imagination run wild on what you can do with this. If you have any questions or comments please feel free to ask and I will do my best to answer them.

hylafax+debian or Ubuntu = No font metric information found

We were recently going through a server migration. Moving from FreeBSD to Ubuntu Linux. One of the apps required to be moved was hylafax. On Debian and Ubuntu there is a hylafax-client package that provides sendfax which is really what we needed. I installed the package and we tested our app but all we got was failure.. We were greeted with the following:

textfmt: No font metric information found for “Courier-Bold”.
Usage: textfmt [-1] [-2] [-B] [-c] [-D] [-f fontname] [-F fontdir(s)] [-m N] [-o #] [-p #] [-r] [-U] [-Ml=#,r=#,t=#,b=#] [-V #] files… >out.ps
Default options: -f Courier -1 -p 11bp -o 0
Error converting document; command was “textfmt -B -f Courier-Bold -Ml=0.4in -p 11 -s default >’/tmp//sndfaxUSNM632′ <'/etc/issue.net'"

It took a a little bit of poking and prodding to figure this one out but to fix it I had to edit the following file:

/etc/hylafax/hyla.conf

In this file there is a setting for the FontMap. I appended /var/lib/defoma/gs.d/dirs/fonts. You will also need the gsfonts package but that is a listed as a dependency so you should already have it installed.

Flip Video UltraHD — on Ubuntu Linux

I mentioned in an earlier post that I recently acquired a new Flip UltraHD Video Camera. What I didnt mention is that it works like a champ on my Ubuntu 10.04 LTS desktop. All I had to do was turn on the flip video, and then plug it in. Next I waited a few moments and then it was mounted as a mass storage device. I was able to import he videos with f-spot, and watch them using VLC. This product just went from cool to kick ass!